diff --git a/charts/ondat-operator/Chart.yaml b/charts/ondat-operator/Chart.yaml index 8f53128..1e10deb 100644 --- a/charts/ondat-operator/Chart.yaml +++ b/charts/ondat-operator/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: "v2.5.0" +appVersion: "v2.6.0" description: Cloud Native storage for containers name: ondat-operator -version: 0.5.3 +version: 0.5.4 keywords: - storage - block-storage diff --git a/charts/ondat-operator/crds/storageoscluster_crd.yaml b/charts/ondat-operator/crds/storageoscluster_crd.yaml index 42200aa..e718ce5 100644 --- a/charts/ondat-operator/crds/storageoscluster_crd.yaml +++ b/charts/ondat-operator/crds/storageoscluster_crd.yaml @@ -98,6 +98,9 @@ spec: disableTelemetry: description: Disable Telemetry. type: boolean + enablePortalManager: + description: EnablePortalManager enables Portal Manager. + type: boolean environment: additionalProperties: type: string @@ -133,6 +136,12 @@ spec: type: string nodeContainer: type: string + nodeManagerContainer: + type: string + portalManagerContainer: + type: string + upgradeGuardContainer: + type: string type: object ingress: description: 'Ingress defines the ingress configurations used in the cluster. Deprecated: Not used any more, please create your ingress for dashboard on your own.' @@ -167,6 +176,11 @@ spec: namespace: description: 'Namespace is the kubernetes Namespace where storageos resources are provisioned. Deprecated: StorageOS uses namespace of storageosclusters.storageos.com resource.' type: string + nodeManagerFeatures: + additionalProperties: + type: string + description: Node manager feature list with optional configurations. + type: object nodeSelectorTerms: description: NodeSelectorTerms is to set the placement of storageos pods using node affinity requiredDuringSchedulingIgnoredDuringExecution. items: diff --git a/charts/ondat-operator/templates/config-maps.yaml b/charts/ondat-operator/templates/config-maps.yaml index 5fe7e9b..5b95a04 100644 
--- a/charts/ondat-operator/templates/config-maps.yaml +++ b/charts/ondat-operator/templates/config-maps.yaml @@ -54,6 +54,15 @@ data: {{- if and .Values.cluster.images.node.repository .Values.cluster.images.node.tag }} RELATED_IMAGE_STORAGEOS_NODE: "{{ .Values.cluster.images.node.repository }}:{{ .Values.cluster.images.node.tag }}" {{- end }} + {{- if and .Values.cluster.images.nodeManager.repository .Values.cluster.images.nodeManager.tag }} + RELATED_IMAGE_NODE_MANAGER: "{{ .Values.cluster.images.nodeManager.repository }}:{{ .Values.cluster.images.nodeManager.tag }}" + {{- end }} + {{- if and .Values.cluster.images.portalManager.repository .Values.cluster.images.portalManager.tag }} + RELATED_IMAGE_PORTAL_MANAGER: "{{ .Values.cluster.images.portalManager.repository }}:{{ .Values.cluster.images.portalManager.tag }}" + {{- end }} + {{- if and .Values.cluster.images.upgradeGuard.repository .Values.cluster.images.upgradeGuard.tag }} + RELATED_IMAGE_UPGRADE_GUARD: "{{ .Values.cluster.images.upgradeGuard.repository }}:{{ .Values.cluster.images.upgradeGuard.tag }}" + {{- end }} kind: ConfigMap metadata: labels: diff --git a/charts/ondat-operator/templates/operator.yaml b/charts/ondat-operator/templates/operator.yaml index ab392ae..b4b1ee5 100644 --- a/charts/ondat-operator/templates/operator.yaml +++ b/charts/ondat-operator/templates/operator.yaml @@ -54,6 +54,13 @@ spec: port: 8081 initialDelaySeconds: 5 periodSeconds: 10 + resources: + limits: + cpu: 250m + memory: 200Mi + requests: + cpu: 10m + memory: 100Mi securityContext: allowPrivilegeEscalation: false volumeMounts: @@ -71,7 +78,7 @@ spec: - containerPort: 8443 name: https securityContext: - runAsUser: 65532 + runAsNonRoot: true serviceAccountName: {{ template "storageos.serviceAccountName" . }} terminationGracePeriodSeconds: 10 volumes: diff --git a/charts/ondat-operator/templates/rbac.yaml b/charts/ondat-operator/templates/rbac.yaml index cfcd712..5f38b50 100644 --- a/charts/ondat-operator/templates/rbac.yaml 
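Review bot: The three guards added in the config-maps.yaml hunk dereference `.Values.cluster.images.nodeManager`, `.portalManager` and `.upgradeGuard` directly, so rendering fails with a nil-pointer error whenever one of those maps is missing from the effective values. An upgrade that reuses the values of the previous chart version (`helm upgrade --reuse-values`) is the likely way to hit this, because the new defaults from values.yaml are not merged in. Scoping each block with `{{- with .Values.cluster.images.nodeManager }}` and then testing `{{- if and .repository .tag }}` skips the entry instead of aborting the render. The existing `node` block uses the same direct access, but its key was already present in earlier releases.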
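Review bot: Replacing `runAsUser: 65532` with `runAsNonRoot: true` in the second operator.yaml hunk leaves the UID to whatever the image declares. If the image's USER is unset or is a name rather than a number, the kubelet cannot confirm it is non-root and the container will not start. Unless the fixed UID was dropped on purpose for platforms that assign UIDs themselves, keeping both lines (`runAsNonRoot: true` and `runAsUser: 65532`) retains the known identity and adds the runtime check. The `securityContext` sits directly before `serviceAccountName`, so it looks pod-level, but the indentation is not recoverable on this page and the spec starts outside the hunk.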
+++ b/charts/ondat-operator/templates/rbac.yaml @@ -105,6 +105,27 @@ rules: - validatingwebhookconfigurations verbs: - '*' +- apiGroups: + - api.storageos.com + resources: + - nodes + - volumes + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: + - api.storageos.com + resources: + - nodes/status + - volumes/status + verbs: + - get + - patch + - update - apiGroups: - apiextensions.k8s.io resources: @@ -150,6 +171,9 @@ rules: resources: - poddisruptionbudgets verbs: + - create + - delete + - get - list - watch - apiGroups: @@ -234,6 +258,61 @@ metadata: heritage: {{ .Release.Service }} name: storageos:operator:api-manager rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - configmaps/status + verbs: + - get + - patch + - update +- apiGroups: + - "" + resources: + - endpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - endpoints/status + verbs: + - get + - patch + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -257,6 +336,7 @@ rules: verbs: - get - list + - update - watch - apiGroups: - "" 
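Review bot: The rules added to `storageos:operator:api-manager` in the `@@ -234` hunk grant create, delete, patch and update on `configmaps` and `endpoints` through a ClusterRole, which means in every namespace. Write access to Endpoints cluster-wide lets the holder change where Service traffic is sent, so it is worth confirming that api-manager needs these verbs outside its own namespace. If it does not, a namespaced `Role` and `RoleBinding` carry the same verbs with a much smaller blast radius. The `configmaps/status` and `endpoints/status` rules name subresources the core API does not serve, so they grant nothing and can be dropped to keep RBAC audits readable. The role's remaining rules continue outside the hunk.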
@@ -375,6 +455,168 @@ rules: - watch --- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: {{ template "storageos.name" . }} + app.kubernetes.io/component: operator + chart: {{ template "storageos.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: storageos:operator:node-manager +rules: +- apiGroups: + - api.storageos.com + resources: + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - api.storageos.com + resources: + - volumes + verbs: + - get + - list + - watch +- apiGroups: + - storageos.com + resources: + - storageosclusters + verbs: + - get + - list + - watch +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: {{ template "storageos.name" . }} + app.kubernetes.io/component: operator + chart: {{ template "storageos.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: storageos:operator:portal-manager +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - configmaps/status + verbs: + - get + - patch + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + - persistentvolumeclaims + - persistentvolumes + - pods + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - api.storageos.com + resources: + - nodes + - volumes + verbs: + - list + - watch +- apiGroups: + - apps + resources: + - daemonsets + - deployments + - replicasets + - statefulsets + verbs: + - list + - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - 
storage.k8s.io + resources: + - storageclasses + - volumeattachments + verbs: + - list + - watch +- apiGroups: + - storageos.com + resources: + - storageosclusters + verbs: + - list + - watch +- apiGroups: + - storageos.com + resources: + - storageosportals + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +--- + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -416,7 +658,7 @@ metadata: chart: {{ template "storageos.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} - name: storageos:proxy + name: storageos:proxy:operator rules: - apiGroups: - authentication.k8s.io @@ -472,6 +714,46 @@ subjects: name: storageos-operator namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: {{ template "storageos.name" . }} + app.kubernetes.io/component: operator + chart: {{ template "storageos.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: storageos:operator:node-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: storageos:operator:node-manager +subjects: +- kind: ServiceAccount + name: storageos-operator + namespace: storageos + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: {{ template "storageos.name" . }} + app.kubernetes.io/component: operator + chart: {{ template "storageos.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: storageos:operator:portal-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: storageos:operator:portal-manager +subjects: +- kind: ServiceAccount + name: storageos-operator + namespace: storageos + --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding 
@@ -502,11 +784,11 @@ metadata: chart: {{ template "storageos.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} - name: storageos:proxy + name: storageos:proxy:operator roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: storageos:proxy + name: storageos:proxy:operator subjects: - kind: ServiceAccount name: storageos-operator diff --git a/charts/ondat-operator/values.yaml b/charts/ondat-operator/values.yaml index d01e183..4f4b38c 100644 --- a/charts/ondat-operator/values.yaml +++ b/charts/ondat-operator/values.yaml @@ -27,7 +27,7 @@ podSecurityPolicy: operator: image: repository: storageos/operator - tag: v2.5.0 + tag: v2.6.0 pullPolicy: IfNotPresent # cluster-specific configuation parameters. @@ -101,7 +101,7 @@ cluster: images: apiManager: repository: storageos/api-manager - tag: v1.2.2 + tag: v1.2.5 csiV1ExternalAttacherV3: repository: quay.io/k8scsi/csi-attacher tag: v3.1.0 @@ -119,12 +119,21 @@ cluster: tag: v2.1.0 init: repository: storageos/init - tag: v2.1.0 + tag: v2.1.1 # nodeContainer is the StorageOS node image to use, available from the # [Docker Hub](https://hub.docker.com/r/storageos/node/). node: repository: storageos/node - tag: v2.5.0 + tag: v2.6.0 + nodeManager: + repository: storageos/node-manager + tag: v0.0.2 + portalManager: + repository: storageos/portal-manager + tag: v1.0.1 + upgradeGuard: + repository: storageos/upgrade-guard + tag: v0.0.2 # The following is used for cleaning up unmanaged cluster resources when # auto-install is enabled.
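Review bot: The three images added under `cluster.images` in the last values.yaml hunk (`nodeManager`, `portalManager`, `upgradeGuard`) are referenced by tag only. A tag can be re-pointed in the registry, so the chart does not fix what actually runs under the cluster roles added in rbac.yaml. The `RELATED_IMAGE_*` entries in config-maps.yaml join `repository` and `tag` with `:`, so pinning by digest would need a small template change alongside the values. Unlike `node`, the new entries carry no comment, and a line each on what the component is and when the operator deploys it would help whoever overrides these values.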